
Huge Security Hole with wp-admin?

  • JsonB123
    Participant

    @jsonb123

    I just registered new test accounts on my BuddyPress site and after I get the email activations and log in, I can log in to wp-admin with these “subscriber” accounts and change EVERYTHING on the back-end!

    I look at user roles and they are still “subscribers” but the bar at the top says “Hi admin! You’re logged in as a site administrator.” What is going on here?! I know I installed BuddyPress correctly.

    Using WPMU 2.7.1, BuddyPress 1.0 and BBPress alpha 6.

Viewing 2 replies - 1 through 2 (of 2 total)
  • seppolaatle112
    Participant

    @seppolaatle112

    If you are sure you installed BuddyPress correctly, you need either some sleep or maybe some coffee.

    This is not some bug in BuddyPress. Are you sure you didn't register a blog with the account, and that the backend you see belongs to this blog? It is quite clear that members are administrators on their own blog. Can you see the BuddyPress menu in your menu to the left after logging in?

  • hyrxx
    Participant

    @hyrxx

    "Hi admin" is your main admin account; you're still logged in. Try using Firefox for your main account (admin) and use a different browser to test other registrations and logins.

    This might help separate the confusion for you. I also use this method sometimes, as cookies are separate between browsers ;)
